Blog Posts Tagged with "CERT"

For collective intelligence directed at security breaches, I would argue, that an effective means of transparently sharing details without fear of recrimination and embarrassment would greatly reduce the impact of such breaches. Fine idea, but how can this be achieved?

US-CERT "encourages users and administrators to utilize the FBI's rogue DNS detection tool to ensure their systems are not infected with the DNSChanger malware. Computers testing positive for infection of the DNSChanger malware will need to be cleaned of the malware to ensure continued Internet connectivity..."

Cybersecurity is identified as a priority issue to enhance the efficiency of prevention and incident response. The report invites federal and private sector partners to accelerate initiatives to enhance data collection, detect events, raise awareness, and respond to incidents...

While there are many books on important security topics such as firewalls, encryption, identity management and more, The CERT Guide to Insider Threats is the one of the first to formally tackle the devastating problem of trusted insiders who misappropriate data...

Countries are drafting policies to combat cyber attacks, but what can be done on the multilateral level since the digital world routinely ignores national boundaries? So far, international initiatives are plagued by the lack of frameworks, institutions and procedures...

Oracle has released its Critical Patch Update for April 2012 to address 88 vulnerabilities across multiple products. US-CERT encourages users and administrators to review the April 2012 Critical Patch Update and apply any necessary updates to help mitigate the risks...

"Vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution..."

The Cisco AnyConnect ActiveX control contains a buffer overflow vulnerability which can allow a remote attacker to convince a user to view a specially crafted HTML document, and the attacker may be able to then execute arbitrary code...

Apple has released security updates for Apple iOS, Apple TV, and iTunes to address multiple vulnerabilities which may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or bypass security restrictions...

Cisco has released six security advisories this week to address vulnerabilities that may allow an attacker to execute arbitrary code, cause a denial-of-service condition, operate with escalated privileges and bypass security restrictions...

US-CERT encourages users and administrators to utilize the FBI's rogue DNS detection tool to ensure their systems are not infected with the DNSChanger. Computers testing positive for infection of the malware will need to be cleaned to ensure continued Internet connectivity...

We should re-assess which attacks should be investigated and which should be let go. The FBI and US-CERT are overwhelmed with tracking everything from probes against government networks to DDoS attacks to targeted attacks against the Defense Industrial Base...

Due to the upcoming tax deadline, US-CERT reminds users to remain cautious when receiving unsolicited email that could be part of a potential phishing scam or malware campaign. These messages may appear to be from the IRS and ask users to submit personal information...

US-CERT has received reports of attacks using malware-laden email attachments. The advisory comes one week after multiple DDoS attacks were launched against entertainment industry and US government websites by Anonymous supporters in an operation dubbed OpMegaupload...